WebHttpBinding Security Question

Question

Hi,

I have created a RESTful Service and implemented the Authentication. It accepts username and password and then grants access to the service requested. It Works fine. Now I want to use SSL on top of my Service. For this I Created Certificate, Then In IIS I gave the required settings. But my service is not working. I am using webHttpBinding.

my Web.Config on service side is :

 <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
<services>
    <service  behaviorConfiguration="ServiceBehavior" name="TestAPI">
      <host>
        <baseAddresses>
          <add baseAddress="https://localhost/AuthWithSSLTest/API/TestAPI.svc" />
        </baseAddresses>
      </host>
    <endpoint address="" behaviorConfiguration="RESTFriendly" bindingConfiguration="MywebHttpBinding"  binding="webHttpBinding" contract="ITestAPI" >
      </endpoint>
      <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
  </service>
</services>
<client /><bindings>
  <webHttpBinding>
    <binding name="MywebHttpBinding">
      <security mode="Transport" >
       <transport clientCredentialType="Certificate"/>
      </security> 
    </binding>
  </webHttpBinding>     
</bindings>
<behaviors>
  <endpointBehaviors>
    <behavior name="RESTFriendly">
      <webHttp />
    </behavior>
  </endpointBehaviors>
  <serviceBehaviors>
    <behavior name="ServiceBehavior">
      <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
      <serviceDebug includeExceptionDetailInFaults="true" />
      <serviceCredentials>
        <clientCertificate>
          <authentication revocationMode="NoCheck" />
        </clientCertificate>
        <serviceCertificate findValue="CN=tempCertClient" />
      </serviceCredentials>
    </behavior>
  </serviceBehaviors>
</behaviors>

And In my client side app.config I have

<system.serviceModel>
    <behaviors>
        <endpointBehaviors>
            <behavior name="NewBehavior">
                <clientCredentials>
                    <clientCertificate findValue="CN=tempCertClient" storeLocation="LocalMachine" />
                    <serviceCertificate>
                        <authentication certificateValidationMode="PeerTrust" revocationMode="NoCheck" />
                    </serviceCertificate>
                </clientCredentials>
            </behavior>
        </endpointBehaviors>
    </behaviors>
    <bindings>
        <customBinding>
            <binding name="WebHttpBinding_ITestAPI">

              <httpTransport/>
            </binding>
        </customBinding>
    </bindings>
    <client>
        <endpoint address="https://localhost/AuthWithSSLTest/API/API.svc/TestMethod"
            behaviorConfiguration="NewBehavior" binding="customBinding"
            bindingConfiguration="WebHttpBinding_ITestAPI"
            contract="TestAPI.ITestAPI" name="WebHttpBinding_ITestAPI" />
    </client>
</system.serviceModel>

When I try to Run Client, it says Provided URI scheme Https is invalid, http required.

Also when I try to invoke the Web Service from VS2008, it says "Could not find a base address that matches scheme https for the endpoint with binding WebHttpBinding. Registered base address schemes are [http]."

if I try to run the web service from IIS, it says "Could not find a base address that matches scheme http for the endpoint with binding WebHttpBinding. Registered base address schemes are [https]."

I have tried googling and tried all the suggested things, but no awail. Please Help.

Thanks in Advance, Tara Singh

Answer 1

In your client configuration, try changing:

<httpTransport/>

to:

<httpsTransport/>